source: trunk/include/regfi.h @ 84

Last change on this file since 84 was 84, checked in by tim, 17 years ago

rearranged structure contents to reduce fragmentation on 64 bit systems.

make regfi interface return const structures to help enforce separation

removed a little cruft from some parsing functions
  • Property svn:keywords set to Id
File size: 9.6 KB
Line 
1/*
2 * Branched from Samba project, Subversion repository version #6903:
3 *   http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/trunk/source/include/regfio.h?rev=6903&view=auto
4 *
5 * Unix SMB/CIFS implementation.
6 * Windows NT registry I/O library
7 *
8 * Copyright (C) 2005-2007 Timothy D. Morgan
9 * Copyright (C) 2005 Gerald (Jerry) Carter
10 *
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; version 2 of the License.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
23 *
24 * $Id: regfi.h 84 2007-01-19 14:52:25Z tim $
25 */
26
27/************************************************************
28 * Most of this information was obtained from
29 * http://www.wednesday.demon.co.uk/dosreg.html
30 * Thanks Nigel!
31 ***********************************************************/
32
33#ifndef _REGFI_H
34#define _REGFI_H
35
36#include <stdlib.h>
37#include <stdio.h>
38#include <stdbool.h>
39#include <string.h>
40#include <errno.h>
41#include <time.h>
42#include <fcntl.h>
43#include <sys/stat.h>
44#include <sys/types.h>
45#include <unistd.h>
46#include <assert.h>
47
48#include "smb_deps.h"
49#include "void_stack.h"
50
51/******************************************************************************/
52/* Macros */
53 
54/* Registry data types */
55#define REG_NONE                       0
56#define REG_SZ                         1
57#define REG_EXPAND_SZ                  2
58#define REG_BINARY                     3
59#define REG_DWORD                      4
60#define REG_DWORD_LE                   4  /* DWORD, little endian */
61#define REG_DWORD_BE                   5  /* DWORD, big endian */
62#define REG_LINK                       6
63#define REG_MULTI_SZ                   7
64#define REG_RESOURCE_LIST              8
65#define REG_FULL_RESOURCE_DESCRIPTOR   9
66#define REG_RESOURCE_REQUIREMENTS_LIST 10
67#define REG_QWORD                      11 /* 64-bit little endian */
68/* XXX: Has MS defined a REG_QWORD_BE? */
69/* Not a real type in the registry */
70#define REG_KEY                        0x7FFFFFFF
71
72
73#define REGF_BLOCKSIZE          0x1000
74#define REGF_ALLOC_BLOCK        0x1000
75#define REGF_MAX_DEPTH          512
76
77/* header sizes for various records */
78
79#define REGF_HDR_SIZE           4
80#define HBIN_HDR_SIZE           4
81#define HBIN_HEADER_REC_SIZE    0x24
82#define REC_HDR_SIZE            2
83
84#define REGF_OFFSET_NONE        0xffffffff
85
86/* Flags for the vk records */
87
88#define VK_FLAG_NAME_PRESENT    0x0001
89#define VK_DATA_IN_OFFSET       0x80000000
90#define VK_MAX_DATA_LENGTH      1024*1024
91
92/* NK record macros */
93
94#define NK_TYPE_LINKKEY         0x0010
95#define NK_TYPE_NORMALKEY       0x0020
96#define NK_TYPE_ROOTKEY         0x002c
97
98#define HBIN_STORE_REF(x, y) { x->hbin = y; y->ref_count++ };
99/* if the count == 0; we can clean up */
100#define HBIN_REMOVE_REF(x, y){ x->hbin = NULL; y->ref_count-- };
101
102
103/* HBIN block */
104struct regf_hbin;
105typedef struct regf_hbin {
106  struct regf_hbin* prev;
107  struct regf_hbin* next;
108  uint32 file_off;       /* my offset in the registry file */
109  uint32 free_off;       /* offset to free space within the hbin record */
110  uint32 free_size;      /* amount of data left in the block */
111  uint32 ref_count;      /* how many active records are pointing to this
112                          * block (not used currently)
113                          */
114 
115  uint32 first_hbin_off; /* offset from first hbin block */
116  uint32 block_size;     /* block size of this block is
117                          * usually a multiple of 4096Kb
118                          */
119  uint8  header[HBIN_HDR_SIZE]; /* "hbin" */
120  prs_struct ps;         /* data */
121  bool dirty;            /* has this hbin block been modified? */
122} REGF_HBIN;
123
124/* ??? List -- list of key offsets and hashed names for consistency */
125typedef struct {
126  uint32 nk_off;
127  uint8 keycheck[sizeof(uint32)];
128} REGF_HASH_REC;
129
130typedef struct {
131  REGF_HBIN* hbin;       /* pointer to HBIN record (in memory) containing
132                          * this nk record
133                          */
134  REGF_HASH_REC* hashes;
135  uint32 hbin_off;       /* offset from beginning of this hbin block */
136  uint32 rec_size;       /* ((start_offset - end_offset) & 0xfffffff8) */
137 
138  uint8 header[REC_HDR_SIZE];
139  uint16 num_keys;
140} REGF_LF_REC;
141
142/* Key Value */
143
144typedef struct {
145  REGF_HBIN* hbin;      /* pointer to HBIN record (in memory) containing
146                         * this nk record
147                         */
148  char*  valuename;
149  uint8* data;
150  uint32 hbin_off;      /* offset from beginning of this hbin block */
151  uint32 rec_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
152  uint32 rec_off;       /* offset stored in the value list */
153 
154  uint32 data_size;
155  uint32 data_off;
156  uint32 type;
157  uint8  header[REC_HDR_SIZE];
158  uint16 flag;
159} REGF_VK_REC;
160
161
162/* Key Security */
163struct _regf_sk_rec;
164
165typedef struct _regf_sk_rec {
166  struct _regf_sk_rec* next;
167  struct _regf_sk_rec* prev;
168  REGF_HBIN* hbin;      /* pointer to HBIN record (in memory) containing
169                         * this nk record
170                         */
171  SEC_DESC* sec_desc;
172  uint32 hbin_off;      /* offset from beginning of this hbin block */
173  uint32 rec_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
174 
175  uint32 sk_off;        /* offset parsed from NK record used as a key
176                         * to lookup reference to this SK record
177                         */
178 
179  uint32 prev_sk_off;
180  uint32 next_sk_off;
181  uint32 ref_count;
182  uint32 size;
183  uint8  header[REC_HDR_SIZE];
184} REGF_SK_REC;
185
186
187/* Key Name */ 
188typedef struct {
189  uint32 hbin_off;      /* offset from beginning of this hbin block */
190  uint32 rec_size;      /* ((start_offset - end_offset) & 0xfffffff8) */
191  REGF_HBIN *hbin;      /* pointer to HBIN record (in memory) containing
192                         * this nk record */
193
194  /* link in the other records here */
195  REGF_VK_REC* values;
196  REGF_SK_REC* sec_desc;
197  REGF_LF_REC subkeys;
198 
199  /* header information */
200  /* XXX: should we be looking for types other than the root key type? */
201  uint16 key_type;     
202  uint8  header[REC_HDR_SIZE];
203  NTTIME mtime;
204  char* classname;
205  char* keyname;
206  uint32 parent_off;    /* back pointer in registry hive */
207  uint32 classname_off; 
208 
209  /* max lengths */
210  uint32 max_bytes_subkeyname;      /* max subkey name * 2 */
211  uint32 max_bytes_subkeyclassname; /* max subkey classname length (as if) */
212  uint32 max_bytes_valuename;       /* max valuename * 2 */
213  uint32 max_bytes_value;           /* max value data size */
214 
215  /* unknowns */
216  uint32 unk_index;                 /* nigel says run time index ? */
217 
218  /* children */
219  uint32 num_subkeys;
220  uint32 subkeys_off;   /* hash records that point to NK records */     
221  uint32 num_values;
222  uint32 values_off;    /* value lists which point to VK records */
223  uint32 sk_off;        /* offset to SK record */
224 
225} REGF_NK_REC;
226
227
228/* REGF block */
229typedef struct {
230  /* run time information */
231  int fd;         /* file descriptor */
232  int open_flags; /* flags passed to the open() call */
233  void* mem_ctx;  /* memory context for run-time file access information */
234  REGF_HBIN* block_list; /* list of open hbin blocks */
235 
236  /* file format information */
237  REGF_SK_REC* sec_desc_list;   /* list of security descriptors referenced
238                                 * by NK records
239                                 */
240 
241  uint8  header[REGF_HDR_SIZE]; /* "regf" */
242  NTTIME mtime;
243  uint32 data_offset;           /* offset to record in the first (or any?)
244                                 * hbin block
245                                 */
246  uint32 last_block;            /* offset to last hbin block in file */
247  uint32 checksum;              /* XOR of bytes 0x0000 - 0x01FB */
248 
249  /* unknowns */
250  uint32 unknown1;
251  uint32 unknown2;
252  uint32 unknown3;
253  uint32 unknown4;
254  uint32 unknown5;
255  uint32 unknown6;
256} REGF_FILE;
257
258
259typedef struct {
260  REGF_FILE* f;
261  void_stack* key_positions;
262  REGF_NK_REC* cur_key;
263  uint32 cur_subkey;
264  uint32 cur_value;
265} REGFI_ITERATOR;
266
267
268typedef struct {
269  REGF_NK_REC* nk;
270  uint32 cur_subkey;
271  /* We could store a cur_value here as well, but didn't see
272   * the use in it right now.
273   */
274} REGFI_ITER_POSITION;
275
276
277/******************************************************************************/
278/* Function Declarations */
279
280const char*           regfi_type_val2str(unsigned int val);
281int                   regfi_type_str2val(const char* str);
282
283char*                 regfi_get_sacl(SEC_DESC* sec_desc);
284char*                 regfi_get_dacl(SEC_DESC* sec_desc);
285char*                 regfi_get_owner(SEC_DESC* sec_desc);
286char*                 regfi_get_group(SEC_DESC* sec_desc);
287
288REGF_FILE*            regfi_open(const char* filename);
289int                   regfi_close(REGF_FILE* r);
290
291REGFI_ITERATOR*       regfi_iterator_new(REGF_FILE* fh);
292void                  regfi_iterator_free(REGFI_ITERATOR* i);
293bool                  regfi_iterator_down(REGFI_ITERATOR* i);
294bool                  regfi_iterator_up(REGFI_ITERATOR* i);
295bool                  regfi_iterator_to_root(REGFI_ITERATOR* i);
296
297bool                  regfi_iterator_find_subkey(REGFI_ITERATOR* i, 
298                                                 const char* subkey_name);
299bool                  regfi_iterator_walk_path(REGFI_ITERATOR* i, 
300                                               const char** path);
301const REGF_NK_REC*    regfi_iterator_cur_key(REGFI_ITERATOR* i);
302const REGF_NK_REC*    regfi_iterator_first_subkey(REGFI_ITERATOR* i);
303const REGF_NK_REC*    regfi_iterator_cur_subkey(REGFI_ITERATOR* i);
304const REGF_NK_REC*    regfi_iterator_next_subkey(REGFI_ITERATOR* i);
305
306bool                  regfi_iterator_find_value(REGFI_ITERATOR* i, 
307                                                const char* value_name);
308const REGF_VK_REC*    regfi_iterator_first_value(REGFI_ITERATOR* i);
309const REGF_VK_REC*    regfi_iterator_cur_value(REGFI_ITERATOR* i);
310const REGF_VK_REC*    regfi_iterator_next_value(REGFI_ITERATOR* i);
311
312
313/* Private Functions */
314REGF_NK_REC*          regfi_rootkey(REGF_FILE* file);
315void                  regfi_key_free(REGF_NK_REC* nk);
316
317
318#endif  /* _REGFI_H */
Note: See TracBrowser for help on using the repository browser.